Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the API endpoints responsible for updating and deleting inventory item attachments. An attacker can access or modify attachments belonging to other users by sending crafted requests as an authenticated user...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the API endpoints responsible for updating and deleting inventory item attachments. An attacker can access or modify attachments belonging to other users by sending crafted requests as an authenticated user...

CVE-2025-53108 HomeBox Missing User Authorization

HomeBox is a home inventory and organization system. Prior to 0.20.1, HomeBox contains a missing authorization check in the API endpoints responsible for updating and deleting inventory item attachments. This flaw allows authenticated users to perform unauthorized actions on inventory item...

CVE-2025-53108

CVE-2025-53108 (HomeBox) : A missing authorization check in the HomeBox API endpoints for updating and deleting inventory item attachments allows authenticated users to act on attachments owned by others, leading to potential unauthorized data manipulation or loss of inventory data. The issue is ...

PT-2025-27638 · Homebox · Homebox

Name of the Vulnerable Software and Affected Versions: HomeBox versions prior to 0.20.1 Description: The issue is related to a missing authorization check in the API endpoints responsible for updating and deleting inventory item attachments. This flaw allows authenticated users to perform...